Security News > 2021 > April > Experian’s Credit Freeze Security is Still a Joke

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer's request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States.

Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian's website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Thomas said he and a friend both walked through the process of recovering their freeze PIN at Experian, and were surprised to find that just one of the five multiple-guess questions they were asked after entering their address, Social Security Number and date of birth had anything to do with information only the credit bureau might know.

"You won't see alerts if someone tries to access your file. Banks can check your file if you apply for credit or loans. Utility and service providers can see your credit file."

A security freeze essentially blocks any potential creditors from being able to view your credit file, unless you affirmatively unfreeze or thaw your file beforehand.

With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you.

News URL

https://krebsonsecurity.com/2021/04/experians-credit-freeze-security-is-still-a-joke/